Date: Thu, 6 Apr 2006 17:39:00 -0400 From: "fbsd_user" <fbsd_user@a1poweruser.com> To: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@FreeBSD.ORG> Subject: web server attack Message-ID: <MIEPLLIBMLEEABPDBIEGAEECHEAA.fbsd_user@a1poweruser.com>
next in thread | raw e-mail | index | archive | help
Posted this at 11am and now its 5:30pm and still have not seen this post return from the list mailer. So posting it again. In my httpd-access.log I have started receiving a lot of these. Looks like some kind of attack to me. This first showed up in my log on April fools day 4/1/06 and get 4 per hour since then. The IP address changes every time I add it to firewall rules to block. Does anyone know what this is and what I can do to stop it besides adding the ip address to my firewall block rules? 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:25 -0400] "\x04\x01" 200 0 "-" "-" 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400] "\x05\x01" 200 0 "-" "-" 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400] "CONNECT 4.79.181.15:25 HTTP/1.1" 200 7014 "-" "-" 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:46 -0400] "GET http://www.ebay.com/ HTTP/1.1" 200 7014 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGAEECHEAA.fbsd_user>